The curse of the crypto locker virus: what happens to a business when it is unprepared for ransomware?

Have you ever come to work one morning to discover that you cannot access your critical business files on your business server? As you look into the issue further, you find a ransom note from a hacker demanding payment in the thousands of dollars to have your business files released. Your next thought is to go to last night’s backup and restore the server, only to find that backups have not been occurring as they should. You then take the chance and comply with the hacker’s demands, hoping that paying them will see your files returned safely back to you.

This scenario actually happened to a customer of mine. Unfortunately for them, their previous IT provider failed to protect their servers from being attacked. Below I unpack the events that happened to my customer, with simple tips that your business can follow to make sure that this does not happen to you.

How the crypto virus played out for my customer

My customer was attacked not once but twice by crypto viruses within 6 months. The first time it happened, the hackers demanded half a bitcoin, which was valued at around $8,000 AUD at the time. Naturally, just like any other business owner, they called up their IT provider at the time and asked them to restore from backups. Unfortunately for the customer, their old IT provider thought it was worthwhile saving them money by loading all their backups onto a USB hard drive. It turns out the USB hard drive was attached to the infected server, leading it to be encrypted as well.

The business owner asked their IT provider “Can you decrypt or break the encryption caused by the crypto locker virus?” The answer given was “It would take an incredible amount of effort and money to do so; you are better off paying the ransom and getting your files back.” A painful $8,000 AUD later, the files were restored.

A few months later, another form of ransomware infected the server again, but this time around it only encrypted the files and folders and not the whole server. The server continued to run; however, a text file message was left in each directory declaring: “if you want your files back send an email to…”. Unsurprisingly, this client had managed to end up on a hacker’s marketing list. Unfortunately for him, the old IT provider did not put any measures in place to minimise the chance of these types of attacks reoccurring.

What is a business to do in this situation?

To pay or not to pay the hacker?

In the scenario above, the business owner ended up paying to have their files released, but was this the right thing to do?

According to Cyber Edge’s Cyber Threat 2018 report, only 19% of victims who paid actually got their files back. On the other side, 19% of victims who did pay actually lost their data, with 53% of victims not paying and recovering their data themselves.

In my opinion, the best thing to do is to follow the 53% of businesses and make sure you have your backup running on a daily basis. In most cases hackers are testing the waters to see if you will pay or not. Sometimes hackers themselves do not have the ability to decrypt what their viruses have encrypted, making the damage irreversible even if you do pay.

Make sure your business has an operational backup and disaster recovery plan

Backup and disaster recovery is a critical part of an organisation, ensuring your business stays operational in the face of data loss or infrastructure failure. My backup recommendations are as follows:

Never back up to a USB hard drive; instead, invest in an offsite private cloud storage solution to back up to

Make sure your backups are image based

Always have an offsite copy of your backups to minimise the risk of theft and fire, and back up every night

Avoid having backups on an overseas platform as they can take over a day to download before they can be used

Backups should be monitored to ensure that they have been occurring

We achieve the above by using a mix of technology and software solutions such as Microsoft, StorageCraft, and Veeam to ensure a robust backup system is in place.
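One way to automate the monitoring recommendation above, as an added example (not Empower IT Solutions' tooling or any vendor's API): a check that alerts when last night's backup image is missing, stale, empty or suddenly much smaller. The function name, thresholds and the one-full-image-file-per-night layout are assumptions; incremental chains would need a different size rule.

```python
"""Nightly-backup freshness check (added example; names and thresholds are assumptions)."""
import sys
import time
from pathlib import Path

MAX_AGE_HOURS = 26      # assumed: nightly job plus two hours of slack
MIN_SIZE_RATIO = 0.5    # assumed: newest image under half the previous one is suspect


def check_backups(backup_dir, now=None, pattern="*"):
    """Return a list of problem strings; an empty list means the backups look healthy."""
    now = time.time() if now is None else now
    root = Path(backup_dir)
    if not root.is_dir():
        return [f"backup location {root} is missing or not mounted"]

    # Newest first, by modification time.
    images = sorted((p for p in root.glob(pattern) if p.is_file()),
                    key=lambda p: p.stat().st_mtime, reverse=True)
    if not images:
        return [f"no backup images found in {root}"]

    problems = []
    newest = images[0]
    age_hours = (now - newest.stat().st_mtime) / 3600
    if age_hours > MAX_AGE_HOURS:
        problems.append(f"newest image {newest.name} is {age_hours:.0f}h old "
                        f"(limit {MAX_AGE_HOURS}h): last night's backup did not run")

    size = newest.stat().st_size
    if size == 0:
        problems.append(f"newest image {newest.name} is empty")
    elif len(images) > 1:
        previous = images[1].stat().st_size
        if previous and size < previous * MIN_SIZE_RATIO:
            problems.append(f"newest image {newest.name} is {size} bytes, under "
                            f"{MIN_SIZE_RATIO:.0%} of the previous image ({previous} bytes)")
    return problems


if __name__ == "__main__":
    # Usage: python check_backups.py /path/to/backup/repository
    found = check_backups(sys.argv[1])
    for line in found:
        print("ALERT:", line)
    sys.exit(1 if found else 0)   # non-zero exit lets a scheduler raise the alarm
```

Run it from a machine other than the server being backed up, so that a compromised or failed server cannot silence its own alert.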

Follow our preventative cyber security threat guide

Our Cyber Security threat guide runs through simple measures your business can take to ensure that your business is not attacked by ransomware. Download our comprehensive guide to Cyber Security here.

Call Empower IT Solutions

Empower IT Solutions provides backup monitoring for both onsite and offsite cloud backups as part of its Managed IT services package. It doesn’t matter if you are 10 or 100 staff in size, we implement the very same backup setup, as it has proven to work consistently time after time. When it comes to network security and data backups, if you cheap out, you never save money in the long run.